Transparent Proxy and Bind Resolve Issue
-
Hi.
I had setup bind as cache server on pfsense 2.4.4_p2, squid MITM.
I start noting issues with example www.google.com, my error are:
This site can’t provide a secure connection www.google.com sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERRORLatter I start checking others sites like ebay, amazon, etc and the same issue, firefox, iexplorer, chrome.
If I test inside the client side like nslookup it answer all the queries.
Running squid in none-transparent mode no issues, just with MITM.
Using DNS resolver no issue.
Anyone knows is this s bug or something to do?
Thanks!!!
-
@periko I will answer my own post.
Looks like I found the issuem, once we enable and setup bind, for some reason the file /etc/resolv.conf lost the line:
nameserver 127.0.0.1Them squid read this file and for some reason the queries fall.
Now, I have 2 paths:
- Add manually the localhost in the resolv.conf file in the first line.
- Or add as alternative dns in squid localhost 127.0.0.1
Using any of this 2 options everything start working.
Them bind have some daemon, because I select LAN+Localhost for listen.
Hope some could check this which affect proxy transparent MITM.
Thanks.